(Currently Amended) A method for communicating a session key from a first multicast proxy service node of a secure multicast group to a plurality of other multicast proxy service nodes of the secure multicast group in a communication network, wherein each of the multicast proxy service nodes is capable of establishing multicast communication and serving as a key distribution center, the method comprising the steps of:

creating and storing [[a]] an original group session key associated with the secure multicast group in a first directory;

authenticating the first multicast proxy service node with a subset of the multicast proxy service nodes that are affected by an addition of the first multicast proxy service node to the secure multicast group, based on the original group session key stored in the first directory;

receiving a plurality of private keys from the subset of the multicast proxy service nodes;

receiving a new group session key for the secure multicast group, for use after addition of the first multicast proxy service node, from a local multicast proxy service node that has received the original group session key through periodic replication of the first directory;

communicating the new group session key private key to the first multicast proxy service node; and

communicating a message to the subset of the multicast proxy service nodes that causes the subset of the multicast proxy service nodes to update their private keys.

2. (Currently Amended) A method as recited in Claim 1, wherein authenticating the plurality of first multicast proxy service nodes node includes authenticating the plurality of first multicast proxy service nodes node based on a second directory that comprises a directory system agent (DSA) that communicates with one or more of the multicast proxy service nodes and a replication service agent (RSA) that replicates attribute information of the one or more multicast proxy service nodes.

3. (Currently Amended) A method as recited in Claim 1, wherein receiving [[a]] the new group session key includes receiving the new group session key from a node of a second directory that comprises a directory system agent (DSA) for communicating with one or more of the multicast proxy service nodes and a replication service agent (RSA) for replicating key information of the one or more multicast proxy service nodes.

4. (Currently Amended) A method as recited in Claim 3, further comprising the step of signaling the replication service agent to carry out replication by storing an updated group session key in a local node of the first directory.

5. (Currently Amended) A method as recited in Claim 1, further comprising distributing [[a]] the original group session key to all nodes by creating and storing the original group session key using a first multicast proxy service node of one domain of the first directory; replicating the first directory; and obtaining the original group session key from a local multicast proxy service node that is a replica of the first multicast proxy service node.

6. (Currently Amended) A method as recited in Claim 1, further comprising distributing [[a]] the new group session key to all nodes by creating and storing the new group session key using a first multicast proxy service node of one domain of the first directory; replicating the first directory; and obtaining the new group session key from a local multicast proxy service node that is a replica of the first multicast proxy service node.

7. (Currently Amended) A communication system for managing addition of communicating a session key from a first multicast proxy service node to of a secure multicast group that includes to a plurality of other multicast proxy service nodes of the secure multicast group in a communication network, wherein each of the multicast proxy service nodes is capable of establishing multicast communication and serving as a key distribution center, the communication system comprising:

a group controller that creates and manages secure multicast communication among the other multicast proxy service nodes, having a private key;

a computer-readable medium comprising one or more instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:

creating and storing [[a]] an original group session key associated with the secure multicast group in a first directory;

authenticating the first multicast proxy service node with a subset of the multicast proxy service nodes that are affected by an addition of the multicast proxy service node to the secure multicast group, based on the original group session key stored in the first directory;

receiving a plurality of private keys from the subset of the multicast proxy service nodes;

receiving a new group session key for the secure multicast group, for use after addition of the first multicast proxy service node, from a local multicast proxy service node that has received the original group session key through periodic replication of the first directory;

communicating the new group session key private key to the first multicast proxy event service node; and

communicating a message to the subset of the multicast proxy service nodes that causes the subset of the multicast proxy service nodes to update their private keys.

^ (Cancelled)

9. (Cancelled)

10. (Cancelled)

p. . (Currently Amended) A communication system for creating a secure multicast or broadcast group, the communication system comprising:

a plurality of multicast proxy service nodes, each node of the plurality of multicast proxy service nodes having attribute information comprising a group identification value for uniquely identifying a particular one node of the multicast proxy service nodes, wherein the plurality of multicast proxy service nodes form a logical arrangement of the multicast proxy service nodes according to a tree structure, the tree structure having a root node, intermediate nodes, and leaf nodes, one of the multicast proxy service node being designated as a primary multicast proxy service node, the primary multicast proxy service node being mapped to the root node, the other multicast proxy service nodes having private keys corresponding to the group identification values and being mapped to the intermediate nodes and the leaf nodes; and

a directory comprising a directory system agent (DSA) for communicating with one or more of the multicast proxy service nodes to authenticate each of the multicast proxy service nodes and a replication service agent (RSA) for replicating the attribute information of the one or more multicast proxy service nodes; and

a plurality of client nodes coupled to one of the multicast proxy service nodes, the one multicast proxy service node creating a secure multicast or broadcast client group that is separate from the secure multicast or broadcast group;

wherein one of the multicast proxy service nodes generates a first group session key for establishing the secure multicast or broadcast group among the plurality of multicast proxy service nodes and distributes the first group session key to other multicast proxy service nodes in the secure multicast or broadcast group using directory replication.



Docket No. 50325-0083 (1422) 






Application of Sunil K. Srivastava, et al, Ser. No. 09/470,054, Filed 12/22/99 
Reply to Office Action 



p2. (Cancelled)

)o. (Currently Amended) A computer-readable medium carrying one or more sequences of instructions for communicating a session key from a first multicast proxy service node of a secure multicast group to a plurality of other multicast proxy service nodes of the secure multicast group in a communication network, wherein each of the multicast proxy service nodes is capable of establishing multicast communication and serving as a key distribution center, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:

creating and storing [[a]] an original group session key associated with the secure multicast group in a first directory;

authenticating the first multicast proxy service node with a subset of the multicast proxy service nodes that are affected by an addition of the first multicast proxy service node to the secure multicast group, based on the original group session key stored in the first directory;

receiving a plurality of private keys from the subset of the multicast proxy service nodes;

receiving a new group session key for the secure multicast group for use after addition of the first multicast proxy service node from a local multicast proxy service node that has received the original group session key through periodic replication of the first directory;

communicating the new group session key private key to the first multicast proxy service node; and

communicating a message to the subset of the multicast proxy service nodes that causes the subset of the multicast proxy service nodes to update their private keys.

14. (New) A computer-readable medium as recited in Claim wherein the instructions for authenticating the first multicast proxy service node further comprises instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of authenticating the first multicast proxy service node based on a second directory that comprises a directory system agent (DSA) that communicates with one or more of the multicast proxy service nodes and a replication service agent (RSA) that replicates attribute information of the one or more multicast proxy service nodes.

(New) A computer-readable medium as recited in Claim io, wherein the instructions for receiving the new group session key further comprises instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of receiving the new group session key from a node of a second directory that comprises a directory system agent (DSA) for communicating with one or more of the multicast proxy service nodes and a replication service agent (RSA) for replicating key information of the one or more multicast proxy service nodes.

(New) A computer-readable medium as recited in Claim lo, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of signaling the replication service agent to carry out replication by storing an updated group session key in a local node of the first directory.

yi, (New) A computer-readable medium as recited in Claim J/SC further comprising instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of distributing the original group session key to all nodes by creating and storing the original group session key using a first multicast proxy service node of one domain of the first directory; replicating the first directory; and obtaining the original group session key from a local multicast proxy service node that is a replica of the first multicast proxy service node.

(New) A computer-readable medium as recited in Claim^, further comprising 
instructions which, when executed by the one or more processors, cause the one or 
more processors to carry out the steps of distributing the new group session key to all 
nodes by creating and storing the new group session key using a first multicast proxy 
service node of one domain of the first directory; replicating the first directory; and 
obtaining the new group session key from a local multicast proxy service node that is a 
replica of the first multicast proxy service node. 



(New) A communication system as recited in Claim 7, wherein the one or more instructions for authenticating the first multicast proxy service node further comprise one or more instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of:

authenticating the first multicast proxy service node based on a second directory that comprises a directory system agent (DSA) that communicates with one or more of the multicast proxy service nodes and a replication service agent (RSA) that replicates attribute information of the one or more multicast proxy service nodes.

(New) A communication system as recited in Claim 7, wherein the one or more instructions for receiving the new group session key further comprise one or more instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of:

receiving the new group session key from a node of a second directory that comprises a directory system agent (DSA) for communicating with one or more of the multicast proxy service nodes and a replication service agent (RSA) for replicating key information of the one or more multicast proxy service nodes.

Jti, (New) A communication system as recited in Claim further comprising one or more instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of signaling the replication service agent to carry out replication by storing an updated group session key in a local node of the first directory.

^ (New) A communication system as recited in Claim 7, further comprising one or more instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of distributing the original group session key to all nodes by creating and storing the original group session key using a first multicast proxy service node of one domain of the first directory; replicating the first directory; and obtaining the original group session key from a local multicast proxy service node that is a replica of the first multicast proxy service node.

23. (New) A communication system as recited in Claim 7, further comprising one or more instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of distributing the new group session key to all nodes by creating and storing the new group session key using a first multicast proxy service node of one domain of the first directory; replicating the first directory; and obtaining the new group session key from a local multicast proxy service node that is a replica of the first multicast proxy service node.

(New) A communication system as recited in Claim^, further comprising:

a plurality of client nodes coupled to one of the multicast proxy service nodes, the one multicast proxy service node creating a secure multicast or broadcast client group that is separate from the secure multicast or broadcast group.

(New) A communication system as recited in ClaimyM^ wherein the plurality of multicast proxy service nodes form a logical arrangement of the plurality of multicast proxy service nodes according to a tree structure, the tree structure having a root node, one or more intermediate nodes, and one or more leaf nodes, one of the multicast proxy service node nodes being designated as a primary multicast proxy service node, the primary multicast proxy service node being mapped to the root node, the other multicast proxy service nodes having private keys corresponding to the group identification values and being mapped to the one or more intermediate nodes and the one or more leaf nodes.